What Emotet Tells Us About Cybersecurity Readiness

Image credit: iStockphoto/solarseven

Attempts to breach network defenses can be laughable. Every executive’s spam folder brims with emails from “Nigerian princes” who suddenly found themselves wealthy but simply couldn’t access their hoards of treasure. The misspelled emails urged the recipient to partner with the scammer — of course, it was a blatant ruse.

In 2021, crude efforts like these still clog spam folders. But infiltration of networks is no laughing matter. In late January this year, European police agency Europol said they “disrupted one of the most significant botnets of the past decade: Emotet.”

“First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years,” said Europol in a statement. “The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale.”

Global malware evolution

Chief security officers, chief information security officers, and chief digital officers should note Europol’s assessment of Emotet as an infrastructure that evolves. Once a piece of malware has proven effective in the wild, malware writers often use it as a template — changing bits and pieces of the code to infiltrate systems that were patched against the original malware.

“The Emotet group managed to take email as an attack vector to a next level,” said Europol. “Through a fully automated process, Emotet malware was delivered to the victims’ computers via infected email attachments.”

Post-COVID-19, enterprises and SMEs alike are accustomed to employees who work from home (WFH). With remote workers using their own setups, CXOs must take a holistic approach to cybersecurity. Employee training is an integral part of tech strategies now — online hygiene measures dictate that email attachments are suspect until proven otherwise.

“With everyone now working from home, we are much more sensitive now about remote access,” says Richard Stagg, managing consultant at Handshake Networking Ltd. “What’s the security profile of an off-the-shelf router set up by the ISP or the employee, which [is] all that stands between [WFH employees] and the world [and] yet hasn’t had its firmware updated since 2014?” Many such routers haven’t even had their default passwords changed.

All too many WFH employees share their home Wi-Fi setups with roommates, children, or even neighbors. “Or with their domestic helper’s Samsung tablet, which is bursting at the seams with dubious Android apps,” says Stagg. “None of us were trained for THIS.”

Cybersecurity dedication

Research firm Gartner expects an uptick in such training. Many boards of directors are now forming committees dedicated to cybersecurity matters, says Sam Olyaei, research director at Gartner. “This change in governance and oversight is likely to impact the relationship between the board and the chief information security officer (CISO),” he added.

“By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today,” said Gartner in a statement. “This is one of several organizational changes Gartner expects to see at the board, management and security team level, in response to the greater risk created by the expanded digital footprint of organizations during the pandemic.”

The research firm’s 2020 survey of company directors showed cybersecurity-related risk rated as the second-highest risk source for the enterprise, following regulatory compliance risk.

But relatively few directors feel confident that their company is properly secured against a cyberattack. CISOs should experience more scrutiny but are also likely to receive more support and resources and should expect executive conversations to shift to risk-oriented and value-driven exercises.

Gartner predicts that by 2024, 60% of CISOs will establish critical partnerships with key executives in sales, finance, and marketing, up from less than 20% today. By 2025, 50% of asset-intensive organizations will converge their cyber, physical, and supply chain security teams under one chief security officer role that reports directly to the chief executive officer, predicts the firm.

WFH benefits

Despite dodgy email attachments and wonky Wi-Fi setups, the WFH paradigm can benefit savvy enterprises.

Pre-COVID-19, many organizations struggled to locate, hire and retain security professionals. Now, security consultants comfortable with WFH arrangements can work for firms across different locations and time zones.

As a result, Gartner predicts that by 2022, 30% of all security teams will have increased the number of employees working remotely on a permanent basis.
